Him, an adventurer, CISO, soldier, Marine, law officer, author, professor, spy, yachty, motorcyclist, photographer. Her, was the church lady librarian, got divorced, joined a motorcycle gang, became a hacker, and world adventurer.

Main menu

Different realities and the impacts on policy

Adam Elkus has a great piece on how cyber punk has killed cyber security. I strongly suggest that you read it if you have time. This is a great way to get into some of the interesting pieces of how technology expectation early on drives an enthusiasm for a reality that has never existed. Gibson and a few of the luminaries have talked about near term projection and thinking versus long term thinking in terms of science fiction. One example I’ve seen is that of Star Trek and the ubiquitous communicator. Originally when cell phones were still the size and weight of a masonry brick, then when the flip phone was created, and now with the iconic glass block the communicator has infected first principles of tech adoption.
First principles of tech thinking are that if something is seen, regardless of the utility of that first prototype, it will infect the following instantiations of the technology. This in political science I’ve heard called the Jefferson mechanism, or “he who sets the agenda sets the results”. Regardless it is a principle that the first to market defines the market. Homilies aside this is most certainly true in the cyber security realm. When thinking about current technologies there are myriad issues with the actual design. As a simplistic example the QWERTY keyboard exists with angled rows to reduce mechanical linkage issues. My iPad keyboard has that exact same angling even though there is nothing mechanical in the keyboard.

There are prevalent metaphors in the information security field. The castle metaphor of defense in depth is a key metaphor to replicate a security principle. Unfortunately as rendered on white boards in class rooms, as a two dimensional representation, of a three dimensional object of a four dimensional process, of a multi-dimensional problem it leaves a lot to be desired. The information assurance and security principle as applied to cyber security is another failing metaphor. Cyber is a domain of content, context, communication, coordination, and so much more. Thinking that simplistic infosec principles are going to secure that kind of environment is mildly obtuse

We’ll set aside the huge fight over things like defense in depth as discussed elsewhere after one simple anecdote. When I went to publish an article on the issues with defense in depth I was told that nobody would publish and article like that. It would mean having to rewrite all of the text books and professors would have to completely over haul their lecture notes. So I posted it on my blog.

There is an interesting element to what Adam Elkus is writing that might get missed. The angst ridden teenagers watching a lot of early 80s and 90s manga were seeking far flung escapism. The writers were wrestling with a world of technology apparently run amok. Questions were rising into the collective media consciousness of what this new automated world of information might mean to the world and society. Cyber punk as a genre represent a dystopian and utopian threads. A common aspect as discussed by Elkus was the idea of jacking into the new cyber world. Escaping the harsher reality and in some dystopian books that reality was harsh. The idea that people would escape and put the human in the computer is an important concept.

A friend Marc Tyrell and I once discussed the symbolism of “jacking in” and abandoning the body. This of course happened in a bar where most of these discussions should happen. His discussions lead me to think of the escapism and abandonment of the corporeal for the pseudo control of the cyber world. I think that a statement from some Manga comic long forgotten was something like, “It is all made up of code, lots and lots of code, but at least it has rules.” Unlike the real world where the rules are infinitely more complex. Unfortunately those rules in the cyber realm of the code may be hard to understand have risen to the code is no longer comprehensible.

The emerging technology vector of cyber reality is not jacking in, or putting the human in the computer. For quite some time the reality of cyber has been over laid upon the physical reality. This emergent experience is a version of augmented reality where the infospace of cyberspace. Infospace is not synonymous with cyberspace but is more like the weather in the real world. Gibson in several of his books on cyberspace (and clothing style?) have discussed the emergence of augmented reality. Numerous iPhone applications exist to allow the person to interact with the cyberspace around them. From tours, to GPS navigation with advertisements included the two spaces are shore and sea interacting at that beach.

Augmented reality is why unmanned aerial vehicles can work. Augmented reality is the heads up display in a fighter jet giving friend and foe recognition for targeting devices. Information through a variety of interfaces is placed into the physical reality. As seamless we already see the physical reality being modeled and data places into the cyberspace why shouldn’t the opposite be true? What hasn’t existed until the smart phone and now special glasses is a mechanism for accessing the information realm. Though with geo cacheing and a variety of games that is changing.

If you doubt the power of augmented reality think about the ability for soldier to make friend or foe recognition based on extremely large data sets and behavioral analysis done over a lifetime. That is the kind of information base that we can tie into now. With facial recognition software a salesman could tie into a corporate data service and know which entities are buyers and sellers at a corporate mixer. Augmented reality would have significantly more attention, but the experience is has been so seamlessly crafted to make the blurring between the two realities nearly seamless.

There is more power in augmented reality than Google, Microsoft and the United States federal government combined. Since augmented reality is the fusion point between cyberspace and real space all of the powers of the former can be enacted on the other and vice a versa. Since it is augmented people could be linked to particular channels of information. A police officer might be in a security channel as they walk around, and see wants and warrants for every person in their environment. A salesman might be watching prospective car buyers with a financial profile and previous purchasing history available.

How could this be more powerful than the federal government? Imagine watching a presidential debate and every statement, utterance, and emotional eye twitch is being evaluated and trustworthiness is overlaid onto the reality. Since you should be able to have partisan channels different realities would be exposed to different people. An independent non-fact based personal channel could be customized for each individual thereby enhancing biases and reducing cross-cultural communication. Each person then could be evaluated based on their custom personal channel.

Getting to a point where we can understand all of the changes that technology is adapting towards is an illusive goal. I can imagine two old guys drinking the eras equivalent of beers watching the neighbor install wheels onto a travois saying to each other, “Damn kids, there goes the neighborhood.” Which gets to a final point. Cyber keeps coming around again and again, and it is mind numbing how much ink gets spilled on things that were discussed to death merely a decade or sometimes months ago. Often our best guess on technology isn’t based on the physical manifestations of the technology but on the patterns of human use of that technology. The physical artifacts of technology change but the human use case rarely changes. When their are substantive changes in human interaction or use of a technology the use case usually swings back faster than most expect. I could inject comments about FaceBook and young adult use of social media, but think most can do the math there.

RSS Links

Cyber?

Cyber security and the technologies of securing the information enterprise of industry and government require a trans-disciplinary while still STEM focused research agenda. The term “cyber” itself denotes a human cognitive centric concept that deals with the disintermediation of technology centered within human activity. The changing focus from system threat mitigation to enterprise risk management has opened completely new areas of inquiry into security.